diff --git a/third_party/cert-manager-latest/net-certmanager.yaml b/third_party/cert-manager-latest/net-certmanager.yaml index beb362164c20..03dd62d50d25 100644 --- a/third_party/cert-manager-latest/net-certmanager.yaml +++ b/third_party/cert-manager-latest/net-certmanager.yaml @@ -19,7 +19,7 @@ metadata: name: knative-serving-certmanager labels: app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20231107-c09b46ca" + app.kubernetes.io/version: "20231110-57baadad" app.kubernetes.io/name: knative-serving serving.knative.dev/controller: "true" networking.knative.dev/certificate-provider: cert-manager @@ -52,7 +52,7 @@ metadata: name: config.webhook.net-certmanager.networking.internal.knative.dev labels: app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20231107-c09b46ca" + app.kubernetes.io/version: "20231110-57baadad" app.kubernetes.io/name: knative-serving networking.knative.dev/certificate-provider: cert-manager webhooks: @@ -93,7 +93,7 @@ metadata: namespace: knative-serving labels: app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20231107-c09b46ca" + app.kubernetes.io/version: "20231110-57baadad" app.kubernetes.io/name: knative-serving networking.knative.dev/certificate-provider: cert-manager @@ -119,7 +119,7 @@ metadata: namespace: knative-serving labels: app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20231107-c09b46ca" + app.kubernetes.io/version: "20231110-57baadad" app.kubernetes.io/name: knative-serving networking.knative.dev/certificate-provider: cert-manager data: @@ -138,23 +138,32 @@ data: # These sample configuration options may be copied out of # this block and unindented to actually change the configuration. - # issuerRef is a reference to the issuer for cluster external certificates used for ingress. + # issuerRef is a reference to the issuer for external-domain certificates used for ingress. # IssuerRef should be either `ClusterIssuer` or `Issuer`. # Please refer `IssuerRef` in https://github.com/cert-manager/cert-manager/tree/master/pkg/apis/certmanager/v1/types_certificate.go # for more details about IssuerRef configuration. - # If the issuerRef is not specified, the self-signed `knative-internal-encryption-ca` ClusterIssuer is used. + # If the issuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used. issuerRef: | kind: ClusterIssuer name: letsencrypt-issuer - # clusterInternalIssuerRef is a reference to the issuer for cluster internal certificates used for ingress. - # ClusterInternalIssuerRef should be either `ClusterIssuer` or `Issuer`. + # clusterLocalIssuerRef is a reference to the issuer for cluster-local-domain certificates used for ingress. + # clusterLocalIssuerRef should be either `ClusterIssuer` or `Issuer`. # Please refer `IssuerRef` in https://github.com/cert-manager/cert-manager/tree/master/pkg/apis/certmanager/v1/types_certificate.go # for more details about ClusterInternalIssuerRef configuration. - # If the clusterInternalIssuerRef is not specified, the self-signed `knative-internal-encryption-ca` ClusterIssuer is used. - clusterInternalIssuerRef: | + # If the clusterLocalIssuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used. + clusterLocalIssuerRef: | kind: ClusterIssuer - name: knative-internal-encryption-issuer + name: your-company-issuer + + # systemInternalIssuerRef is a reference to the issuer for certificates for system-internal-tls certificates used by Knative internal components. + # systemInternalIssuerRef should be either `ClusterIssuer` or `Issuer`. + # Please refer `IssuerRef` in https://github.com/cert-manager/cert-manager/tree/master/pkg/apis/certmanager/v1/types_certificate.go + # for more details about ClusterInternalIssuerRef configuration. + # If the systemInternalIssuerRef is not specified, the self-signed `knative-selfsigned-issuer` ClusterIssuer is used. + systemInternalIssuerRef: | + kind: ClusterIssuer + name: knative-selfsigned-issuer --- # Copyright 2020 The Knative Authors @@ -178,7 +187,7 @@ metadata: namespace: knative-serving labels: app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20231107-c09b46ca" + app.kubernetes.io/version: "20231110-57baadad" app.kubernetes.io/name: knative-serving networking.knative.dev/certificate-provider: cert-manager spec: @@ -190,7 +199,7 @@ spec: labels: app: net-certmanager-controller app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20231107-c09b46ca" + app.kubernetes.io/version: "20231110-57baadad" app.kubernetes.io/name: knative-serving spec: serviceAccountName: controller @@ -198,7 +207,7 @@ spec: - name: controller # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-nightly/knative.dev/net-certmanager/cmd/controller@sha256:b158663e24103e6b049557e3a666e6ebd8c42bf93a8224926fe21eabacb4520d + image: quay.io/rlehmann/net-certmanager-controller:latest resources: requests: cpu: 30m @@ -239,7 +248,7 @@ metadata: labels: app: net-certmanager-controller app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20231107-c09b46ca" + app.kubernetes.io/version: "20231110-57baadad" app.kubernetes.io/name: knative-serving networking.knative.dev/certificate-provider: cert-manager name: net-certmanager-controller @@ -277,7 +286,7 @@ metadata: name: selfsigned-cluster-issuer labels: app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20231107-c09b46ca" + app.kubernetes.io/version: "20231110-57baadad" app.kubernetes.io/name: knative-serving networking.knative.dev/certificate-provider: cert-manager spec: @@ -286,28 +295,28 @@ spec: apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: - name: knative-internal-encryption-issuer + name: knative-selfsigned-issuer labels: app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20231107-c09b46ca" + app.kubernetes.io/version: "20231110-57baadad" app.kubernetes.io/name: knative-serving networking.knative.dev/certificate-provider: cert-manager spec: ca: - secretName: knative-internal-encryption-ca + secretName: knative-selfsigned-ca --- apiVersion: cert-manager.io/v1 kind: Certificate metadata: - name: knative-internal-encryption-ca + name: knative-selfsigned-ca namespace: cert-manager # If you want to use it as a ClusterIssuer the secret must be in the cert-manager namespace. labels: app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20231107-c09b46ca" + app.kubernetes.io/version: "20231110-57baadad" app.kubernetes.io/name: knative-serving networking.knative.dev/certificate-provider: cert-manager spec: - secretName: knative-internal-encryption-ca + secretName: knative-selfsigned-ca commonName: knative.dev usages: - server auth @@ -338,7 +347,7 @@ metadata: namespace: knative-serving labels: app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20231107-c09b46ca" + app.kubernetes.io/version: "20231110-57baadad" app.kubernetes.io/name: knative-serving networking.knative.dev/certificate-provider: cert-manager spec: @@ -351,7 +360,7 @@ spec: labels: app: net-certmanager-webhook app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20231107-c09b46ca" + app.kubernetes.io/version: "20231110-57baadad" app.kubernetes.io/name: knative-serving role: net-certmanager-webhook spec: @@ -360,7 +369,7 @@ spec: - name: webhook # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/knative-nightly/knative.dev/net-certmanager/cmd/webhook@sha256:5d890bbbabbe36c09f1c5c026fd3f4e12e0f4a5773d816bb434dbf9a518334c4 + image: quay.io/rlehmann/net-certmanager-webhook:latest resources: requests: cpu: 20m @@ -426,7 +435,7 @@ metadata: labels: role: net-certmanager-webhook app.kubernetes.io/component: net-certmanager - app.kubernetes.io/version: "20231107-c09b46ca" + app.kubernetes.io/version: "20231110-57baadad" app.kubernetes.io/name: knative-serving networking.knative.dev/certificate-provider: cert-manager spec: diff --git a/third_party/kourier-latest/kourier.yaml b/third_party/kourier-latest/kourier.yaml index 23d286fbf151..f2fb30d60597 100644 --- a/third_party/kourier-latest/kourier.yaml +++ b/third_party/kourier-latest/kourier.yaml @@ -20,7 +20,7 @@ metadata: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/name: knative-serving app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "20231102-1930e146" + app.kubernetes.io/version: "20231110-1c93d51b" --- # Copyright 2020 The Knative Authors @@ -45,7 +45,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "20231102-1930e146" + app.kubernetes.io/version: "20231110-1c93d51b" app.kubernetes.io/name: knative-serving data: envoy-bootstrap.yaml: | @@ -55,7 +55,7 @@ data: api_type: GRPC rate_limit_settings: {} grpc_services: - - envoy_grpc: {cluster_name: xds_cluster} + - envoy_grpc: {cluster_name: xds_cluster} cds_config: resource_api_version: V3 ads: {} @@ -133,9 +133,9 @@ data: type: STRICT_DNS admin: access_log: - - name: envoy.access_loggers.stdout - typed_config: - "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog + - name: envoy.access_loggers.stdout + typed_config: + "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog address: pipe: path: /tmp/envoy.admin @@ -168,7 +168,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "20231102-1930e146" + app.kubernetes.io/version: "20231110-1c93d51b" app.kubernetes.io/name: knative-serving data: _example: | @@ -248,7 +248,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "20231102-1930e146" + app.kubernetes.io/version: "20231110-1c93d51b" app.kubernetes.io/name: knative-serving --- apiVersion: rbac.authorization.k8s.io/v1 @@ -258,7 +258,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "20231102-1930e146" + app.kubernetes.io/version: "20231110-1c93d51b" app.kubernetes.io/name: knative-serving rules: - apiGroups: [""] @@ -287,7 +287,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "20231102-1930e146" + app.kubernetes.io/version: "20231110-1c93d51b" app.kubernetes.io/name: knative-serving roleRef: apiGroup: rbac.authorization.k8s.io @@ -321,7 +321,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "20231102-1930e146" + app.kubernetes.io/version: "20231110-1c93d51b" app.kubernetes.io/name: knative-serving spec: strategy: @@ -343,7 +343,7 @@ spec: app: net-kourier-controller spec: containers: - - image: gcr.io/knative-nightly/knative.dev/net-kourier/cmd/kourier@sha256:f79c3befc15db6e0ab1890a9488fabe6e31e1158e762922ffa56ecb72d6771fe + - image: quay.io/rlehmann/kourier-controller/main.go:latest name: controller env: - name: CERTS_SECRET_NAMESPACE @@ -395,7 +395,7 @@ spec: cpu: 200m memory: 200Mi limits: - cpu: 500m + cpu: "1" memory: 500Mi restartPolicy: Always serviceAccountName: net-kourier @@ -408,7 +408,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "20231102-1930e146" + app.kubernetes.io/version: "20231110-1c93d51b" app.kubernetes.io/name: knative-serving spec: ports: @@ -443,7 +443,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "20231102-1930e146" + app.kubernetes.io/version: "20231110-1c93d51b" app.kubernetes.io/name: knative-serving spec: strategy: @@ -552,7 +552,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "20231102-1930e146" + app.kubernetes.io/version: "20231110-1c93d51b" app.kubernetes.io/name: knative-serving spec: ports: @@ -576,7 +576,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "20231102-1930e146" + app.kubernetes.io/version: "20231110-1c93d51b" app.kubernetes.io/name: knative-serving spec: ports: @@ -600,7 +600,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "20231102-1930e146" + app.kubernetes.io/version: "20231110-1c93d51b" app.kubernetes.io/name: knative-serving spec: minReplicas: 1 @@ -626,7 +626,7 @@ metadata: labels: networking.knative.dev/ingress-provider: kourier app.kubernetes.io/component: net-kourier - app.kubernetes.io/version: "20231102-1930e146" + app.kubernetes.io/version: "20231110-1c93d51b" app.kubernetes.io/name: knative-serving spec: minAvailable: 80%